Threat Modeling
Designing for Security in an AI World
Häftad, Engelska, 2027
791 kr
Kommande
Fler format och utgåvor
Beskrivning
A major update to the definitive guide on threat modeling techniques for secure by designMore than just a second edition, Threat Modeling: Designing for Security in an AI World thoroughly updates and expands on Adam Shostack's classic text and structured approach to analyzing and designing systems, software, and services for security flaws to address threats and technologies that didn’t exist when the first edition published. Most notably every reader will benefit from two new chapters covering using LLMs to threat model and exploring threats to LLMs, AIs, and ML Models themselves. There’s a new deep focus on agile and an expansion of who's involved in threat modeling, now including non-technical product owners. All told, half of this edition is completely new or heavily revised.Often called “the Bible of threat modeling,” Shostack’s approach has been adopted across industry, governments and is at the heart of OWASP’s threat modeling approaches. The first edition proved to be enduring and timeless, providing techniques that continued to work as technology and development paradigms shifted.This second edition presents an updated version of Shostack's Four-Question Framework that structures the threat modeling process from initial analysis through remediation. The specific actionable techniques proven from the first edition are updated to draw on thousands of conversations over the last decade. The guidance spans all technology. Readers gain structured methods to evaluate new additions to their technology, or business enterprise, and to select and prioritize effective defenses.You'll also discover: Increased discussion of cloud, IoT, and mobileA new chapter on boundaries, including how to identify and validate them across complex system architecturesA new chapter on attack lifecycle models introduces the two most popular cyber kill chains, mapping attacker progression stages to identify optimal defensive intervention pointsA new framework for selecting and implementing effective defenses, spanning and clarifying choices from designs on the back of a napkin through systems that have been in operation since before the first editionProven techniques for defensively managing remaining risk after threat identification, with structured and repeatable organizational approachesA cohesive scaling chapter transitions readers from the technical skills they acquire to the business challenges of scaling threat modelingFive legacy chapters and four appendices from the first edition are now available online at the book’s website, making room in the book for all of the new content while keeping cut material available for referenceWritten for engineers of all sorts, including security architects, security engineers, penetration testers, software developers building secure products, and IT administrators with security responsibilities, this Second Edition equips practitioners with structured, repeatable methods for identifying threats and designing defenses across any technology stack.The first edition showed how secure by design was a real possibility. The second shows even more clearly how to make it happen in your technology and products.